grok

Rust port of Elastic Grok processor, inspired by grok-go and grok

Example

Only with default patterns

let grok = Grok::default();
let pattern = grok
    // USERNAME are defined in grok-patterns
    .compile("%{USERNAME}", false)
    .unwrap();
let result = pattern.parse("admin admin@example.com").unwrap();
println!("{:#?}", result);

the output is:

{
    "USERNAME": String(
        "admin",
    ),
}

With user-defined patterns

let mut grok = Grok::default();
grok.add_pattern("NAME", r"[A-z0-9._-]+");
let pattern = grok.compile("%{NAME}", false).unwrap();
let result = pattern.parse("admin").unwrap();
println!("{:#?}", result);

the output is:

{
    "NAME": String(
        "admin",
    ),
}

With `named_capture_only` is true

let grok = Grok::default();
let pattern = grok
    .compile("%{USERNAME} %{EMAILADDRESS:email}", true)
    .unwrap();
let result = pattern.parse("admin admin@example.com").unwrap();
println!("{:#?}", result);

the output is:

{
    "email": String(
        "admin@example.com",
    ),
}

With type

let mut grok = Grok::default();
grok.add_pattern("NUMBER", r"\d+");

let pattern = grok.compile("%{NUMBER:digit:int}", false).unwrap();
let result = pattern.parse("hello 123").unwrap();
println!("{:#?}", result);

the output is:

{
    "digit": Int(
        123,
    ),
}

Elastic Grok compliance

This crate declares compatible with elastic grok patterns v8.14.0, which is tagged at 2024-06-05.

grok-rs 0.1.0

grok

Example

Only with default patterns

With user-defined patterns

With named_capture_only is true

With type

Elastic Grok compliance

With `named_capture_only` is true